Application Security Engineer
CrowdStrike is the leader in cloud-delivered next-generation endpoint protection, threat intelligence, and pre- and post-incident response services. With the ability to collect and process over 100 billion events a day, CrowdStrike has revolutionized endpoint protection by being the first and only company to unify next-generation antivirus (AV), endpoint detection and response (EDR), and a 24/7 managed hunting service — all delivered via a single lightweight agent. We are one of the World's Most 50 Innovative Companies according to MIT, and one of Forbes Most Promising Companies. Our growth and innovation are driven by incredible employees who deliver unmatched customer success.
We have received a number of exciting awards including:
- October 2018: 100 Best Medium Workplaces Second Year in a Row by Fortune magazine.
- June 2018: Closed over $200 million, led by General Atlantic, Accel and IVP, with participation from March Capital and CapitalG (Google), achieving a valuation of more than $3 billion.
- April 2018: CrowdStrike Wins SC Award for Best Security Company Second Year in a Row.
About the Role
Help us protect CrowdStrike and its customers from the most advanced threats! CrowdStrike’s Application Security team breaks the mold of traditional application security and thinks like the attacker to help design secure applications. As an Application Security Engineer, you will perform technical security assessments, code reviews, and security testing to highlight risk and help engineering teams improve the overall security of our products.
- Help ensure software and systems are designed and implemented to the highest security standards.
- Develop threat models and test plans for new and existing platform components.
- Create tools and automation to help test and monitor product security.
- Test technical system components from module subsystems to entire frameworks.
- Develop system design and coding best practices for engineering teams.
- Bachelor’s Degree (minimum) in Computer Science or equivalent work experience
- Minimum of 4 years of experience working in the field of Application Security, Network Security, Mobile Application Security, or Cloud Security
- Programing knowledge in at least 2 languages (C/C++, Go, Python preferred)
- Experience in vulnerability identification, assessment, and remediation
- Strong communication (written and verbal), interpersonal and problem-solving skills
- Knowledge of networking principles and applications, including protocol level
- Knowledge of theoretical and applied Cryptography
- Exposure to Windows, OSX, and Linux operating system
- Experience with at least two of the following: Application Security testing methodologies, Reverse Engineering (User-mode, Kernel-mode), and Penetration Testing techniques
- Familiarity with tools such as Wireshark, Kali, IDA Pro, Hopper, Radare2/GDB, BurpSuite, Nmap, others
- Strong debugging skills. Ability to spot design flaws, race conditions, performance bottlenecks in complex architectures and simple misconfigurations.
- Experience testing Restful APIs
- Familiarity with secure coding concepts
- Vulnerability Research, Fuzzing, Exploit Development.
- Experience writing custom plugins and automating RE tasks for tools such as Immunity Debugger.
- Familiarity with OWASP Top 10, CWE, SANS Top 25
- You’re a clear thinker and efficient communicator
- Other technical security certifications or academic background
- Familiar with Failure Mode Effects Analysis applied to software systems
- Experience working remotely
Benefits of Working at CrowdStrike
- Competitive compensation + Stock Options
- Competitive Vacation Policy
- Paid parental leave
- Competitive Health, dental, and vision benefits for you and your family
- We embrace distributed work and flexible work hours
- Wellness programs
- Stocked fridges, coffee, soda, and lots of treats
- Free lunches regularly catered
- Regular team activities, including happy hours, community service events
CrowdStrike believes that diversity and inclusion among our organization is essential to our success as a global company, and we seek to attract, retain and empower the industries best and brightest from a diverse talent pool.
CrowdStrike is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.